Data encipherment and decipherment is achieved by converting blocks of input bits into blocks of output bits. The
input bits are subjected to the operation of an algorithm, such as in accordance with the DES standard, involving a
plurality of bit-permutation and/or substitution operations selected under the control of a key of substantial length.
In the invention the operations available for selection by the key are changed in response to operation-control data
received from an external source such as one involving the use of teletext or videotext, or using card or bar code
readers, or direct keyboard input.



WO 88/01 119 A A PCT/GB87/00557 






DATA ENCIPHERMENT 
BACKGROUND OF THE INVENTION 

This invention relates to a data encipherment apparatus and 
method which converts a block of input bits into a block of output 
bits under the control of a key of substantial length. 

Several data encryption algorithms have been defined where the
input data is converted into output data by passing it through a
succession of bit-permutation operations (re-arranging the order of
the bits in the data word) and substitution tables (groups of bits
are used to address tables which produce new bit patterns). Typical
algorithms have input and output words of 64 bits and are controlled
by a key of up to 64 bits in length. The exact process of the
conversion depends in each case not only on a key variable which
acts upon the data path, but also upon the definitions of the bit
permutations and substitution tables around which the algorithm is
constructed.

One example of such an encryption method is known as DES and
published by U.S. National Bureau of Standards, "Data Encryption
Standard", Federal Information Processing Standards Publication 46
(January 15, 1977). This specification assumes a knowledge of this
standard.

The DES standard defines an algorithm based upon five
bit-permutation operations and eight substitution tables. The bit
permutation tables are themselves each defined by a table which
lists, for each output bit, the bit number of the corresponding
input bit. An output bit cannot be fed from more than one input bit
but it is possible for two or more output bits to be fed from the
same input bit (this is known as an expanded permutation) or for
some input bits to not be used at all (a permuted choice).

In a software realisation of the algorithm the 
substitution tables and the tables defining the bit permutations 
would be stored as data constants in read only memory. 

Other examples of encipherment algorithms using bit 
permutations and/or substitutions are to be found in our British 
Patent Applications Nos. 8607961 and 8610733 (International Patent 
Applications PCT/J87/00216 and PCT/^87/00266).



SUMMARY OF THE INVENTION 

According to this invention we provide a data cipherment
method and apparatus for converting a block of input bits into a
block of output bits, in which data is subjected to the operation of
an algorithm defining a plurality of bit-permutation and/or
substitution operations selected under the control of a key of
substantial length, in which the operations available for selection
by the key can be changed in response to operation-control data
obtained from an external source.

In this specification the term cipherment is used to cover both 
encipherment and decipherment. 

Thus for example with the DES algorithm instead of storing the 
substitution and bit-permutation tables in read-only memory they are 
stored in read/write memory so that they can be loaded with data 
obtained from an external source. The source may involve the use of 
transmission techniques such as teletext or videotex (Prestel) or 
input techniques such as card readers, bar code readers, or direct 
keyboard input. 

This enables the effect of the algorithm to be changed in a 
more drastic way than by changing the key variable alone. The 
changed algorithm is then no longer the defined DES algorithm but 
one of very many possible variants of it. The data loaded into the 
tables must conform to various restrictions imposed for the 
particular type of algorithm being modified. 

BRIEF DESCRIPTION OF THE DRAWING 

The invention will be described in more detail with reference 
to the DES algorithm as illustrated by the accompanying drawing in 
which the sole figure is a flow chart illustrating the logical 
structure of the DES algorithm. 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT 

As the DES algorithm is itself known detailed description of
the drawing is not deemed necessary, and reference should be made to
the DES standard noted above. (This is reprinted with additional
comment in "Cipher Systems" by H. Beker and F. Piper published by
Northwood Publications 1982 ISBN 7198 2611 X). The figure in the
drawing is taken from page 55 of "Security for Computer Networks" by
D.W. Davies and W.L. Price published by John Wiley and Sons, ISBN
0 471 90063 X. Reference should be made to that book for a detailed
description of the figure. The algorithm comprises a succession
of five bit-permutation operations PC1, PC2, IP, IP⁻¹ and E, in
which the order of the bits in the data word is re-arranged, and
eight substitution tables in the S boxes in which groups of bits
are applied as inputs to look-up tables which produce new bit
patterns. PC1 and PC2 are permuted choice and E is an expanded
permutation. The number of bits being processed at various points
is indicated on the figure.

It is seen in the drawing that some of the operations are 
outlined by dashed boxes U to Z. These boxes define areas capable 
of external re-definition. These areas provide changeable data as 
follows : 



Table of Changeable Data

Operations       Words x Bits     Total
IP and IP⁻¹      64 x 6             384
PC1              56 x 6             336
PC2              48 x 6             288
E                48 x 5             240
P                32 x 5             160
S boxes          8 x 64 x 4        2048

TOTAL:                             3456

Thus for the DES algorithm the total data content of all the
bit-permutation and substitution tables approaches 3500 bits. This
gives greater freedom for change than the existing 56-bit key 
variable alone. 
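The requirement that loaded table data "conform to various restrictions", together with the bit tally in the table above, can be made concrete as a loader-side check. This is an added example, not part of the patent: the table sizes come from the Table of Changeable Data, while the per-table rules, the S-box row layout and all function names are assumptions.

```python
# Added example, not from the patent. Sizes follow its Table of Changeable Data;
# each rule is an assumed restriction. name: (entries, input bits, bits/entry, rule)
SPECS = {
    "IP":  (64, 64, 6, "bijection"),  # IP^-1 must exist to decipher
    "PC1": (56, 64, 6, "distinct"),   # permuted choice: no key bit used twice
    "PC2": (48, 56, 6, "distinct"),
    "E":   (48, 32, 5, "cover"),      # expansion: every input bit used
    "P":   (32, 32, 5, "bijection"),  # assumed: keep all S-box output bits
}
SBOX_SHAPE = (8, 64, 4)  # boxes, words per box, bits per word


def table_budget():
    """Bits of changeable table data, tallied as in the patent's table."""
    boxes, words, width = SBOX_SHAPE
    return sum(n * w for n, _, w, _ in SPECS.values()) + boxes * words * width


def check_permutation(name, table):
    """Return a list of problems; an empty list means the table is loadable."""
    n_out, n_in, _, rule = SPECS[name]
    if len(table) != n_out:
        return [f"{name}: expected {n_out} entries, got {len(table)}"]
    if any(not isinstance(b, int) or not 1 <= b <= n_in for b in table):
        return [f"{name}: entry outside 1..{n_in}"]
    used = set(table)
    if rule in ("bijection", "distinct") and len(used) != n_out:
        return [f"{name}: an input bit feeds more than one output bit"]
    if rule == "cover" and len(used) != n_in:
        return [f"{name}: an input bit is never used"]
    return []


def check_sboxes(boxes):
    """Assumed layout: 4 rows of 16 per box, each row a permutation of 0..15."""
    n_boxes, words, width = SBOX_SHAPE
    if len(boxes) != n_boxes or any(len(b) != words for b in boxes):
        return ["S boxes: expected 8 tables of 64 words"]
    problems = []
    for i, box in enumerate(boxes, 1):
        rows = [box[r:r + 16] for r in range(0, words, 16)]
        if any(sorted(row) != list(range(1 << width)) for row in rows):
            problems.append(f"S{i}: a row is not a permutation of 0..15")
    return problems


# Constructed inputs: the standard DES IP and E tables, generated by formula.
DES_IP = [s - 8 * k for s in (58, 60, 62, 64, 57, 59, 61, 63) for k in range(8)]
DES_E = [(4 * i + j - 1) % 32 + 1 for i in range(8) for j in range(6)]
```

Passing these checks shows only that a table set is structurally loadable; it says nothing about the cryptographic strength of the resulting variant.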

In the absence of an external source of data for loading the 
tables in read/write memory, a suitable set of default values could 
be transferred to the read/write memory from an area of read only 
memory. Another possibility is for partial modification of the 
table contents starting with initial values obtained from read only 

CLAIMS

1. A method of data cipherment in which blocks of input bits are
converted into blocks of output bits, comprising subjecting the
input bits to the operation of an algorithm defining a plurality of
bit-permutation and/or substitution operations selected under the
control of a key of substantial length, and changing the operations
available for selection by the key in response to operation-control
data received from an external source.

2. Data cipherment apparatus for converting blocks of input bits 
into blocks of output bits, comprising storage means for storing 
bit-permutation and/or substitution tables defined by an algorithm, 
data conversion means for subjecting input bits to a plurality of 
bit-permutation and/or substitution operations defined by the tables 
in the storage means as selected under the control of a key of 
substantial length to provide the output bits; and means for 
changing the stored tables in response to operation-control data 
received from an external source. 



3. Apparatus according to claim 2, in which the algorithm is based 
on the DES algorithm. 